Description
In the file assets/runtime/config/nginx/gitlab-registry, the following redirect line causes an infinite redirect loop:
```nginx
return 301 https://$http_host:$request_uri;
```
When $http_host does not contain a port (e.g., it's just example.com), the output becomes:
```
Location: https://example.com:/path
```
This results in a redirect loop and ERR_TOO_MANY_REDIRECTS in browsers and clients.
```
curl -I -L http://example.com/users/sign_in
HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Tue, 27 May 2025 09:01:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://example.com:/users/sign_in
X-Resolver-IP: ****
X-Resolver-IP: ****
HTTP/2 301
server: openresty
date: Tue, 27 May 2025 09:01:47 GMT
content-type: text/html
content-length: 162
location: https://example.com:/users/sign_in
x-resolver-ip: ****
strict-transport-security: max-age=15811200
HTTP/2 301
server: openresty
date: Tue, 27 May 2025 09:01:47 GMT
content-type: text/html
content-length: 162
location: https://example.com:/users/sign_in
x-resolver-ip: ****
strict-transport-security: max-age=15811200
```
Steps to reproduce:
- Deploy sameersbn/gitlab:17.11.3
- Access /users/sign_in over HTTP.
- Observe malformed redirect in Location: header:
```
https://example.com:/users/sign_in
```
Fix:
Replace this line:
```nginx
return 301 https://$http_host:$request_uri;
```
with either:
```nginx
return 301 https://$http_host$request_uri;
```
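A check for this failure mode, as an added example that is not part of the original issue or the project's code: it scans a `curl -I -L` header dump for `Location` values whose authority ends in a bare `:` and for hops that repeat an earlier target. The function names `empty_port` and `audit_redirects` and the trimmed sample transcript are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: the Location hops from a `curl -I -L` run like the one above.
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Location: https://example.com:/users/sign_in

HTTP/2 301
location: https://example.com:/users/sign_in

HTTP/2 301
location: https://example.com:/users/sign_in
"""

def empty_port(location: str) -> bool:
    """True when the authority ends in ':' with no port digits after it."""
    netloc = urlsplit(location).netloc      # e.g. "example.com:"
    hostport = netloc.rsplit("@", 1)[-1]    # drop any userinfo
    return hostport.endswith(":")

def audit_redirects(transcript: str):
    """Return (locations, findings) for a header dump with one or more hops."""
    locations, findings = [], []
    for line in transcript.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "location":
            continue
        loc, hop = value.strip(), len(locations) + 1
        if empty_port(loc):
            findings.append(f"hop {hop}: empty port in {loc}")
        if loc in locations:
            findings.append(f"hop {hop}: loop, {loc} was already visited")
        locations.append(loc)
    return locations, findings

if __name__ == "__main__":
    for finding in audit_redirects(SAMPLE)[1]:
        print(finding)
```

Run against the headers of a deployment after the config change, the findings list should be empty.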